Code Red

lucifer at lightbearer.com lucifer at lightbearer.com
Fri Jul 20 03:40:12 UTC 2001


Dave Stewart wrote:
> 
> At 11:12 PM 7/19/2001, lucifer at lightbearer.com wrote:
> >Reports from our monitoring systems saw the CPU usage jump by somewhere
> >between 150-200% for our core routers today; our current theory is that
> 
> Web servers that were hit beginning this morning at 11:26:41 EDT have not 
> seen another attempt since 19:49:53.
> 
> I'm wondering if this because it was coming up on 00:00:00 GMT 20-July-2001.
> 
> According to the PC-Cillin write up, the 100-thread scan only takes place 
> if the system date is less than 20, but if it's 20-28, it launches it's DOS 
> attack at www1.whitehouse.gov
> 
> Does anybody really know yet what payloads this thing is carrying?

That would roughly correspond with the dropoff in CPU usage, here. Not
proof, but... reasonably strong circumstantial. I guess we'll see for
sure tomorrow, depending on how the traffic stats look.
-- 
***************************************************************************
Joel Baker                           System Administrator - lightbearer.com
lucifer at lightbearer.com              http://www.lightbearer.com/~lucifer



More information about the NANOG mailing list